On Thu, Oct 22, 2020 at 01:23:54PM -0700, Sami Tolvanen wrote:
> The kernel currently uses kmem_cache to allocate shadow call stacks,
> which means an overflow may not be immediately detected and can
> potentially result in another task's shadow stack to be overwritten.
>
> This change switches SCS to use virtually mapped shadow stacks,
> which increases shadow stack size to a full page and provides more
> robust overflow detection similarly to VMAP_STACK.
>
> Signed-off-by: Sami Tolvanen <samitolva...@google.com>

Thanks! I much prefer this to kmem. :)

Reviewed-by: Kees Cook <keesc...@chromium.org>

--
Kees Cook